Container FortiOS can be deployed in a Minikube cluster to validate functionality such as licensing, configuration loading, and management access. This setup is intended for lab environments and does not represent a production deployment.

Prerequisites:

- Minikube is installed and operational.
- kubectl is configured to access the cluster.
- Container FortiOS image available in a reachable registry.
- Valid Container FortiOS license file.

Step 1: Start Minikube.

Start the Kubernetes cluster and verify node status.

```bash
minikube start
kubectl get nodes
```

Step 2: Create a namespace.

Create a dedicated namespace for the deployment.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: fortinet
```

Apply the configuration:

```bash
kubectl apply -f namespace.yaml
```

Step 3: Create license ConfigMap.

Create a ConfigMap that contains the FortiOS container license.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fos-license
  namespace: fortinet
  labels:
    app: fos
    category: license
data:
  license: |
    --BEGIN FGT VM LICENSE--
    <license content>
    --END FGT VM LICENSE--
```

Apply the configuration:

```bash
kubectl apply -f license-configmap.yaml
```

Step 4: Create a configuration ConfigMap.

Create a ConfigMap containing the FortiOS bootstrap configuration.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fos-config
  namespace: fortinet
  labels:
    app: fos
    category: config
data:
  type: "partial"
  config: |
    config system global
        set hostname "cfos-minikube"
    end
    config system interface
        edit "port1"
            set mode static
            set ip 192.0.2.10 255.255.255.0
            set allowaccess ping https ssh
        next
    end
```

Apply the configuration:

```bash
kubectl apply -f fos-configmap.yaml
```

Step 5: Deploy Container FortiOS.

Create the deployment definition.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cfos
  namespace: fortinet
spec:
  replicas: 1
  selector:
    matchLabels:
      app: fos
  template:
    metadata:
      labels:
        app: fos
    spec:
      containers:
        - name: cfos
          image: <registry>/fortinet/container-fortios:<tag>
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 443
            - containerPort: 22
          volumeMounts:
            - name: fos-data
              mountPath: /data
      volumes:
        - name: fos-data
          emptyDir: {}
```

Apply the deployment:

```bash
kubectl apply -f cfos-deployment.yaml
```

Step 6: Expose management access.

Create a service to access the Container FortiOS instance.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: cfos-mgmt
  namespace: fortinet
spec:
  type: NodePort
  selector:
    app: fos
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 30443
    - name: ssh
      protocol: TCP
      port: 22
      targetPort: 22
      nodePort: 30022
```

Apply the service:

```bash
kubectl apply -f cfos-service.yaml
```

Step 7: Verify deployment.

Verify that all resources are running.

```bash
kubectl -n fortinet get pods
kubectl -n fortinet get svc
kubectl -n fortinet logs deploy/cfos --tail=200
```

Step 8: Access the FortiOS interface.

Retrieve the access URL.

```bash
minikube service -n fortinet cfos-mgmt --url
```

Alternatively, retrieve the Minikube IP and access the NodePort.

```bash
minikube ip
```

Access the graphical interface:

```
https://<minikube-ip>:30443
```

Access via SSH:

```bash
ssh admin@<minikube-ip> -p 30022
```

Notes:

- This deployment provides management access only and does not place Container FortiOS inline for traffic inspection.
- Multiple interfaces require additional networking configuration such as Multus.
- Configuration is re-applied from the ConfigMap when the pod is recreated.
- A valid Container FortiOS license is required for full functionality.

Conclusion:

Deploying Container FortiOS in Minikube provides a simple method to validate Kubernetes integration, configuration management, and access methods before implementing more advanced multi-interface deployments in full Kubernetes environments.
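The manifests in Steps 2 to 6 only work together when the Namespace name is a valid lowercase label, every `namespace:` field matches it exactly, and the management NodePorts fall inside the cluster's NodePort range. The script below is an added example, not part of the original article, that checks this offline before `kubectl apply`. The helper names `check_manifests` and `write_sample` are hypothetical, and 30000-32767 is assumed as the range because it is the Kubernetes default.

```bash
#!/usr/bin/env bash
# Added example: offline pre-apply check for the manifests from Steps 2-6.
# check_manifests and write_sample are hypothetical helper names.
# Line-based parsing is enough for flat manifests like the ones on this page.

check_manifests() {   # usage: check_manifests DIR; returns 1 on any finding
  dir=$1; rc=0
  # Namespace declared in Step 2: first "name:" key in namespace.yaml.
  ns=$(awk '$1 == "name:" { print $2; exit }' "$dir/namespace.yaml")
  # Namespace names are RFC 1123 labels: lowercase alphanumerics or "-",
  # alphanumeric at both ends, at most 63 characters.
  if ! printf '%s\n' "$ns" |
       LC_ALL=C grep -Eq '^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'; then
    echo "namespace.yaml: invalid namespace name '$ns'"; rc=1
  fi
  for f in "$dir"/*.yaml; do
    # Every resource must reference exactly the namespace created in Step 2.
    for used in $(awk '$1 == "namespace:" { print $2 }' "$f"); do
      [ "$used" = "$ns" ] || { echo "$f: namespace '$used' is not '$ns'"; rc=1; }
    done
    # Service nodePorts must fall in the default range 30000-32767.
    for port in $(awk '$1 == "nodePort:" { print $2 }' "$f"); do
      if [ "$port" -lt 30000 ] || [ "$port" -gt 32767 ]; then
        echo "$f: nodePort $port is outside 30000-32767"; rc=1
      fi
    done
  done
  return "$rc"
}

write_sample() {      # usage: write_sample DIR NAMESPACE_NAME SSH_NODEPORT
  # Constructed sample input, trimmed from the page's Step 2 and Step 6 files.
  printf 'apiVersion: v1\nkind: Namespace\nmetadata:\n  name: %s\n' "$2" \
    > "$1/namespace.yaml"
  printf 'kind: Service\nmetadata:\n  name: cfos-mgmt\n  namespace: fortinet\nspec:\n  type: NodePort\n  ports:\n    - port: 22\n      nodePort: %s\n' "$3" \
    > "$1/cfos-service.yaml"
}

# Run against a directory given on the command line, e.g. ./check.sh .
if [ $# -gt 0 ]; then check_manifests "$1"; fi
```

A clean run prints nothing and returns 0; each finding is printed with the file it came from.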